On Tuesday 20 January 2009 4:42:45 pm Samir Bellabes wrote: > Paul Moore <paul.moore@xxxxxx> writes: > > However, in dealing with the issue of personal firewalls I think > > the biggest issue will be the user interaction as you described ... > > how do you explain to a user who clicked the "allow" button that > > the system rejected their traffic? > > maybe because the personnal firewall is the only one which deal with > the LSM hook related to network (?) In the particular case I was responding to there were multiple LSMs being executed in quasi-parallel fashion so the personal firewall (in this case assumed to be a separate LSM) would not be the only LSM implementing network access controls. > >> For starters, the existing LSM interface and the LSM modules > >> themselves could be split up so as to provide > >> > >> selinux.ko > >> \_ selinux_net.ko > >> \_ selinux_fs.ko > >> ... > >> > >> just a suggestion to ease the thinking process for now. > >> If a purely network-related LSM does not have to think about > >> "do I need to implement FS hooks that do chaining or not..." > >> it is a lot better off. > > > > Unfortunately I don't think this solves the problem, it just > > changes it slightly. It is no longer "How do I enable SELinux and > > XXX personal firewall?" but instead "How do I enable SELinux's > > network access controls and XXX personal firewall?" > > And introduce another one : "how do I make SElinux's network access > controls and Apparmor filesystem access controls working together ?" > this is the true deal in this kind of solution. That is also an issue. Needless to say I doubt the "choose your own adventure" approach to security is a good idea. -- paul moore linux @ hp -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
